Published: 03/10/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 756

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in dnsmasq prior to 2.78 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
debian debian linux 7.1
debian debian linux 7.0
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.04
debian debian linux 9.0
opensuse leap 42.3
opensuse leap 42.2
thekelleys dnsmasq

Synopsis Critical: dnsmasq security update Type/Severity Security Advisory: Critical Topic An update for dnsmasq is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Critical: dnsmasq security update Type/Severity Security Advisory: Critical Topic An update for dnsmasq is now available for Red Hat Enterprise Linux 72 Extended Update Support and Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a secur ...

Felix Wilhelm, Fermin J Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code For the oldstable distribution (jessie) ...

Several security issues were fixed in Dnsmasq ...

USN-3430-2 introduced regression in Dnsmasq ...

Several security issues were fixed in Dnsmasq ...

Information leak in the DHCPv6 relay codeAn information leak was found in dnsmasq in the DHCPv6 relay code An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data (CVE-2017-14494) Memory exhaustion vulnerability in the EDNS0 codeA memory ...

A memory exhaustion flaw was found in dnsmasq in the EDNS0 code An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet (CVE-2017 ...

A stack buffer overflow was found in dnsmasq in the DHCPv6 code An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code ...

''' Sources: rawgithubusercontentcom/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493py securitygoogleblogcom/2017/10/behind-masq-yet-more-dns-and-dhcphtml 1) Build the docker and open two terminals docker build -t dnsmasq docker run --rm -t -i --name dnsmasq_test dnsmasq bash docker cp pocpy dn ...

Dnsmasq versions prior to 278 suffer from a stack-based overflow vulnerability ...

Safe libc using introspection

What is this? This code consists of wrapper functions that filter parameters of potentially "unsafe" libc functions (like gets) to make them usable without the risk of of buffer overflows How does it work? Code is instrumented with AddressSanitizer and wrapper functions around (potentially) unsafe libc functions use information from AddressSanitizer to prevent buffer

Safe libc How to build # llvm toolchain [ ! -d $HOME/git ] && mkdir $HOME/git cd $HOME/git git clone githubcom/introspection-libc/safe-libc-evaluation git clone githubcom/introspection-libc/safe-libc safec git clone githubcom/introspection-libc/llvm (cd llvm/tools && git clone githubcom/introspection-libc/clang

What is this? This code consists of wrapper functions that filter parameters of potentially "unsafe" libc functions (like gets) to make them usable without the risk of of buffer overflows How does it work? Code is instrumented with AddressSanitizer and wrapper functions around (potentially) unsafe libc functions use information from AddressSanitizer to prevent buffer

dnsmasq rop exploit with NX bypass

bof-dnsmasq-cve-2017-14493

CWE-119 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html http://thekelleys.org.uk/dnsmasq/CHANGELOG http://www.securitytracker.com/id/1039474 https://www.exploit-db.com/exploits/42943/http://www.securityfocus.com/bid/101085 https://www.kb.cert.org/vuls/id/973527 https://access.redhat.com/security/vulnerabilities/3199382 https://access.redhat.com/errata/RHSA-2017:2837 https://access.redhat.com/errata/RHSA-2017:2836 http://www.ubuntu.com/usn/USN-3430-2 http://www.ubuntu.com/usn/USN-3430-1 http://www.debian.org/security/2017/dsa-3989 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4561 https://security.gentoo.org/glsa/201710-27 https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033 https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html https://access.redhat.com/errata/RHSA-2017:2836 https://nvd.nist.gov https://usn.ubuntu.com/3430-1/https://www.exploit-db.com/exploits/42943/https://www.kb.cert.org/vuls/id/973527

CVE-2017-14493

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect